dejavuguides.com are completely managed by Cloudflare, not just the DNS configuration, Cloudflare is also proxying the web accesses to improve performance.
That means the SSL certificate for those domains should be configured in Cloudflare as Edge certificates, not in the WordPress instance, given that the https connections are stablished between the web browsers (clients) and Cloudflare (server).
If you check the Prerequisites to follow https://docs.bitnami.com/google/how-to/generate-install-lets-encrypt-ssl/, you can see "You have configured the domain name’s DNS record to point to the public IP address of your Bitnami application instance.". For the domains above, that's not happening, the domain names' DNS records point to Cloudfrlare.
On the other hand, you have another domain
blog.dejavuguides.com that is configured in Cloudflare but only for DNS, as you call it, "grey clouded". In that scenario, https connections are stablished between web browsers (clients) and the GCP WordPress instance (server).
In that second case, you should be able to follow https://docs.bitnami.com/google/how-to/generate-install-lets-encrypt-ssl/ without any issues but you shouldn't include the domains fully managed by Cloudflare. The command to execute would be something like:
sudo ./generate-certificate.sh -m firstname.lastname@example.org -d blog.dejavuguides.com
Let us know if this information helps you to understand the issue.